The Presentation

The Trustwave 2012 Global Security Report highlights top data security risk areas, offering predictions on future targets based on analysis and perceived trends. This 45-minute presentation will give the attendee an understanding of current threats and techniques, with entertaining examples:

- Results from over 300 incident response and forensic investigations performed across 18 different countries: you can learn how to fight better if you understand history.
- Results analysis from over 2000 manual penetration tests and over 2 million network and application vulnerability scans: the results will surprise you, and the attendee will better understand what SpiderLabs is seeing in the real world.
- Analysis and trends from 16 billion emails from 2008 to 2011: the results are surprising.
- Usage and weakness analysis of over 2 million business passwords: what r00t can tell you about your user base.
- Analysis of Denial of Service incidents of 2011 and an update on the OWASP HTTP POST tool and the OWASP CRS Mod_Security project.
- Analysis of almost 300,000 different digital certificates (SSL) from a scan of over 17 million Internet-facing devices, including Online Certificate Status Protocol (OCSP) usage data from our SSL infrastructure.

The presentation includes references to OWASP projects and methodologies to help the attendee deal with yesterday's problems, tomorrow.

The Speakers

Tom Brennan

Bio TBA

Nick Percoco

Nicholas J. Percoco

Senior Vice President, SpiderLabs
Trustwave

With more than 15 years of information security experience, Percoco leads the global SpiderLabs organization that has performed more than 1300 computer incident response and forensic investigations globally, run thousands of ethical hacking and application security tests for clients, and conducted bleeding-edge security research to improve Trustwave's products.

Prior to joining Trustwave, Percoco ran security consulting practices at VeriSign and Internet Security Systems. In 2004, he drafted an application security framework that became known as the Payment Application Best Practices (PABP). In 2008, this framework was adopted as a global standard called Payment Application Data Security Standard (PA-DSS).

As a speaker, he has provided unique insight around security breaches, malware, mobile security and InfoSec trends to public (Black Hat, DEFCON, SecTor, You Sh0t the Sheriff, OWASP) and private audiences (including DHS, US-CERT, Interpol, United States Secret Service) throughout North America, South America, Europe, and Asia.

Percoco and his research have been featured by many news organizations including: The Washington Post, eWeek, PC World, CNET, Wired, Hakin9, Network World, Dark Reading, Fox News, USA Today, Forbes, Computerworld, CSO Magazine, CNN, The Times of London, NPR, Gizmodo, Fast Company, Financial Times and The Wall Street Journal.

In 2011, SC Magazine named Percoco Security Researcher of the Year. In addition, he was inducted into the inaugural class of the Illinois State University College of Applied Science and Technology Academy of Achievement.

Percoco is a member of the Dean's Advisory Board for The College of Applied Science & Technology at Illinois State University and a co-creator on the planning committee of THOTCON, a hacking and security conference held in Chicago each year. He has a Bachelor of Science in Computer Science from Illinois State University.